Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2010-1645

Published: 23/08/2010 Updated: 16/02/2012
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Cacti

Vulnerability Summary

Cacti prior to 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

Vulnerable Product Search on Vulmon Subscribe to Product

cacti cacti 0.6.1

cacti cacti 0.6

cacti cacti 0.6.6

cacti cacti 0.6.5

cacti cacti 0.6.2

cacti cacti 0.8.7

cacti cacti 0.8.6g

cacti cacti 0.8.6

cacti cacti 0.8.7a

cacti cacti 0.6.8a

cacti cacti 0.8.2

cacti cacti 0.6.7

cacti cacti 0.8.5

cacti cacti 0.8.6b

cacti cacti 0.8.2a

cacti cacti 0.8.7b

cacti cacti 0.8.6c

cacti cacti 0.8.3a

cacti cacti 0.8.7d

cacti cacti 0.6.8

cacti cacti 0.8.6i

cacti cacti 0.6.3

cacti cacti 0.8

cacti cacti 0.8.6f

cacti cacti 0.8.6d

cacti cacti 0.8.4

cacti cacti 0.8.7c

cacti cacti 0.5

cacti cacti 0.8.6j

cacti cacti 0.8.1

cacti cacti 0.6.4

cacti cacti 0.8.5a

cacti cacti 0.8.6a

cacti cacti 0.8.6h

cacti cacti 0.8.3

cacti cacti 0.8.6k

cacti cacti

Vendor Advisories

Debian CVElist Bug Report Logs: [CVE-2011-4824] SQL injection issue in auth_login.php
Debian Bug report logs - #652371 [CVE-2011-4824] SQL injection issue in auth_loginphp Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Fri, 16 Dec 2011 20:09:02 ...
Debian Security Advisories: DSA-2384-2 cacti -- several vulnerabilities
Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands For the oldstable distribution (lenny), this problem has been fixed ...

References

CWE-20http://svn.cacti.net/viewvc?view=rev&revision=5782http://svn.cacti.net/viewvc?view=rev&revision=5778http://secunia.com/advisories/41041http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.phphttp://svn.cacti.net/viewvc?view=rev&revision=5784https://rhn.redhat.com/errata/RHSA-2010-0635.htmlhttp://www.cacti.net/release_notes_0_8_7f.phphttps://bugzilla.redhat.com/show_bug.cgi?id=609115http://www.mandriva.com/security/advisories?name=MDVSA-2010:160http://www.vupen.com/english/advisories/2010/2132https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652371https://nvd.nist.govhttps://www.debian.org/security/./dsa-2384
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook